Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Common Security Advisory Framework (CSAF) Verification, Validation, and Application Programming Interface (API).
Common Security Advisory Framework (CSAF) Verification, Validation, and Application Programming Interface (API).
In this project the attempt is made, to provide API and tools to support the CSAF communities from a single repository in the easy to prototype python language.
If, and when this endeavor succeeds, other languages can easily derive form the approach (as long as these offer similar capabilties to keep the effort in check).
Note: CSAF predecessor CVRF versions 1.1 and 1.2 are out of scope.
User and developer documentation of csaf.
Any feature requests or bug reports shall go to the todos of csaf.
The main source of csaf
is on a mountain in central Switzerland.
We use distributed version control (git).
There is no central hub.
Every clone can become a new source for the benefit of all.
The preferred public clones of csaf
are:
Please do not submit "pull requests" (I found no way to disable that "feature" on GitHub). If you like to share small changes under the repositories license please kindly do so by sending a patchset. You can either send such a patchset per email using git send-email or if you are a sourcehut user by selecting "Prepare a patchset" on the summary page of your fork at sourcehut.
Please kindly submit issues at https://todo.sr.ht/~sthagen/csaf or write plain text email to ~sthagen/csaf@lists.sr.ht to submit patches and request support. Thanks.
In alphabetical order:
Experimental
Note: The default branch is default
.
FAQs
Common Security Advisory Framework (CSAF) Verification, Validation, and Application Programming Interface (API).
We found that csaf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.